You're doing awesome work, @alekstorm, thank you! I'll review this as well, but your concerns about TLS are well-founded. I think what I'll do is, when we're happy, merge this code to a new branch (not development). We can therefore keep track of the work you've done here and make it my job not to break it, rather than your job to fix it if I do. I'm also going to warn you that I plan to merge the Python 2.7 support first, so you may need to rebase this pull request once I do that.
@@ -12,6 +12,9 @@ | |||
# The maximum length of a frame. Some frames have shorter maximum lengths. | |||
FRAME_MAX_LEN = (2 ** 14) - 1 | |||
|
|||
def _total_padding(high, low): | |||
return high * 256 + low | |||
|
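Review bot: `_total_padding(high, low)` accepts any integers and, for two octets, can return up to 65535, well above the `FRAME_MAX_LEN` of `(2 ** 14) - 1` defined just above it. Nothing in this hunk bounds the result, so the caller should reject a padding total that exceeds the frame's payload length before slicing, and the helper could check that both arguments are in the range 0 to 255.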
Can we get a docstring on this, just to explain its purpose?
This is also probably more clearly expressed as a bitshift, e.g. (high << 8) + low.
Some other notes that you'll want to consider and probably work on:
Rebased on
Oh man, I missed this, but we're technically not feature complete unless we also move to HPACK draft 6. Don't rush to implementing it, I'm happy to do it tonight, but if you feel like doing it you're of course welcome to.
Ok, rebasing onto
Did you start on the HPACK update? If not, I'd be more than willing to take care of it; I just don't want to duplicate work.
I've started on it. Don't expect it to move quickly though. =)
Ok, done. =)
Don't forget to rebase against the new
…ike TLS parameters
Done.
# TODO This just verifies that the post-handshake servername matches the | ||
# certificate, right? We need to also check that the returned servername | ||
# matches the requested one... right? | ||
context.check_hostname = True |
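Review bot: the TODO above `context.check_hostname = True` leaves open what is actually being verified, and that should be settled before this ships rather than left as a comment. In the standard `ssl` module, `check_hostname` compares the peer certificate with the `server_hostname` passed to `wrap_socket()` and only applies when `verify_mode` is `CERT_OPTIONAL` or `CERT_REQUIRED`; neither is visible in this hunk, so please confirm both are set on this path and replace the TODO with a comment stating that.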
Might be worth examining what Requests does here. =)
Just realized padding was also added to the
No update should be required for
Sorry, only minor change: flag types should be enough.
@@ -1,5 +1,6 @@ | |||
py==1.4.19 | |||
pyOpenSSL==0.14 |
A couple of notes here. We can't say this is a test requirement because it's a requirement on 2.7. We'll need custom code in setup.py to make it a Python-version-specific dependency. I'm going to recommend having a function in setup.py called resolve_additional_dependencies, because I want to add pypy support as well and I'd like to keep those concerns encapsulated.
Secondly, that version number is wrong (as NPN isn't in PyOpenSSL yet).
Oh, I just noticed it's also a requirement on 3.3 because 3.3 doesn't have PROTOCOL_TLSv1_2 in the ssl module.
Okay, I've moved pyOpenSSL into the Still have a few other review comments to take care of; should finish that up soon. As for the TODO comments, I suppose they can be taken care of on a case-by-case basis, since this is an (exceptionally well-tested) alpha project. For background, I generally use TODO to mark code that should simply be revisited later, and FIXME to mark code that shouldn't be merged in its present state (hence, you should only see FIXMEs in WIP PRs).
Looks like properly supporting the DHE/ECDHE cipher suites is impossible until pyca/pyopenssl#82 (or whatever its successor is) gets merged, so I suppose the only action item left (correct me if I'm wrong) is fixing the sporadically-broken tests.
Ah, yes, sorry about that, I failed to adequately communicate what I meant. =D I don't want to support plaintext HTTP/2 until we have Upgrade working. In the meantime, we should be mandating TLS HTTP/2. What I wanted for PyOpenSSL was to add it to the After I merge I'll go through and take a look at the TODOs and see if I can fix them straight away or if I should turn them into issues (for better discovery). As for DHE/ECDHE, we can wait on that. =) I'll look at the tests shortly.
That means we can remove the non-TLS stuff, which should help fix up your tests. =) Let me know when you've done that and changed
Done. Side note: I'm at UTC-8; you're at UTC+0, correct? Just curious.
Does this mean you're not interested in supporting non-TLS connections with prior knowledge, i.e. that don't use the
@@ -45,7 +46,7 @@ def send(self, request, stream=False, **kwargs): | |||
""" | |||
parsed = urlparse(request.url) | |||
|
|||
conn = self.get_connection(parsed.netloc) | |||
conn = self.get_connection(parsed.scheme, parsed.netloc) |
Heh, this snuck in! Can you pull this commit out and have it in a different pull request?
Done.
|
||
env: | ||
- EXTRAS=TLS | ||
- EXTRAS=_ # pip currently barfs on `install -e .[]`, but is fine with nonexistent extra dependencies |
I don't think these environment variables are needed anymore.
gah fixed, thanks
Yeah, I'm in London. =) Hence the weird offsets. I haven't come up with a good API to do prior-knowledge, and I also don't foresee it as the primary use-case of the library. The end-goal is to be able to transparently interop between HTTP/1.1 and HTTP/2, which obviates (hopefully) the need to do much in the way of prior knowledge. So, let's see how the test run goes. =)
Oh, wait, it goes inevitable failure because now both Python 2.7 and Python 3.3 rely on a PyOpenSSL release that doesn't exist yet. =D
What do you mean? pyOpenSSL 0.14 exists; I have it installed on my machine right now. The tests only failed because
Looks like there's some PyOpenSSL fun on 3.3.
Indeed, I just found out (my bad; should've been more diligent about On Sat, Apr 5, 2014 at 11:26 AM, Cory Benfield notifications@github.com wrote:
I added tox support which should help with this on your local machine. =)
Aaand she's green!
Victory! Ok, let's get synced up on where this is. We have full http/2-10 support except:
Does that match your assessment?
Yes. Are the TODOs and NPN support blockers? If so, which TODOs would you like me to fix? Or did you mean all of them? If not, the fact that this is actually a partial regression on Py3.3 means that 3.4 should be officially supported, just to keep the Am I correct in assuming you have HPACKv6 sitting in a local branch somewhere, ready to merge on top of this once it gets merged? Also, this is still going into a branch, since Oh, and technically we're not h2-10 compliant until DHE/ECDHE ciphers are supported in pyOpenSSL (hopefully in 0.15) - you correctly pointed this out before. For context, nghttp2 just uses the cipher list
OK, let's take those questions in order.
So, I'll check out all the TODOs and move the ones I'm worried about into issues, and then go ahead and merge this to a branch.
Ok, this has been merged to the @alekstorm, thank you so much for your work on this. You did a huge amount of work here and in #33, and it's been an enormous help. You're a model contributor! I owe you a substantial number of beverages of your choice.
Thanks! The feeling is mutual; I can't overstate how refreshing it is to work with such a supportive, courteous project maintainer. If only the rest of the open-source world had the same outlook, I think we'd all accomplish a lot more.
I'm glad you're enjoying the collaboration, I learned from the best. =) I'm glad to see your contributions keep coming, as well! In the event you're looking for more supportive types, the #positivepython IRC channel is a nice place to hang out.
Besides the frame/settings renumbering, the biggest single change is the new DATA frame padding format.
Unfortunately, it's currently impossible to fully conform to the v10 spec with solely the ssl standard library module at our disposal, so merging this should probably wait until a pyOpenSSL compatibility layer can be written that exposes the necessary TLS options.